This information is provided in order to inform Users on the methods of processing personal data in the context of the use of the website www.boxofficelive.it ("Site"), pursuant to and for the purposes of EU Reg. 2016/679 ("GDPR") and Legislative Decree 196/2003 (as amended by Legislative Decree 101/2018 for the adaptation of national legislation to the provisions of the GDPR).
- is limited to the indicated website and not for other third party websites to which the User can connect;
- is intended for all Users who interact with the Site, for those who use the Site without registering and for those who, after completing the appropriate registration procedure, use the online services offered through the Site;
- is made pursuant to art. 13-14 GDPR, as well as in compliance with Recommendation no. 2/2001 that the European Authorities for the Protection of Personal Data, gathered in the Group established by art. 29 of the Directive n. 95/46 / EC, adopted on 17 May 2001 to identify some minimum requirements for the collection of personal data online and subsequent amendments and additions.
Registration on the Site and subsequent use of the services offered through the Site (including booking services, purchase, issuance and shipment of tickets - so-called ticketing service) and the information service about the events on sale, the opening dates of the sales and other information related to the events, involves the processing of the User's personal data.
This treatment is illustrated below.
1. Type of data processed
The data that can be collected and processed in the manner and for the purposes indicated below are the following:
a) in the case of filling in the "Contact" form of the Site, the common personal and identifying data such as name, surname, telephone number and email address, in addition to the information contained in the text of the request sent;
b) in the case of registration on the Site:
- common and identifying personal data such as name, surname, address, telephone number, email address;
- data on the order and the purchase process in the event that the User registered on the Site subsequently proceeds with the purchase of the ticket;
c) data relating to navigation on the Site, such as IP addresses or domain names of the computers used by Users who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment. These data are used, for the time strictly necessary, for the sole purpose of checking the correct functioning of the Site. The data could be used to ascertain responsibility in the case of computer crimes against the Site.
The Data Controller does not collect or process personal data falling within the "particular categories" of data (ie those personal data that reveal racial or ethnic origin, religious or philosophical or other beliefs, political opinions, membership of associations or organizations of a religious, philosophical or trade union nature, as well as personal data suitable for revealing the state of health) or data relating to criminal convictions and offenses.
2. Purpose of the processing and legal basis of the processing
The data processing has the following purposes:
a) find the User's request sent via the "Contacts" form of the Site;
b) for registration on the Site;
c) for the provision of the event ticket purchase service through the Site (so-called ticketing service);
d) for sending newsletters, i.e. sending electronic communications containing information and / or advertising material relating to events and the purchase of related tickets through the Site, and this through automated systems such as email (marketing purposes ).
The treatments find their legal basis:
i. the. in the consent of the interested party (Article 6, letter a GDPR) for the purposes referred to in art. 2, lett. a) and art. 2, lett. d), although consent is not necessary in the event that the email address used by the Owner is used in the context of the sale of a product or service (soft spam) or following a request from the recipient (eg newsletter);
ii. in the fulfillment of contractual obligations or pre-contractual measures (Article 6, letter b GDPR) for the purposes referred to in art. 2 lett. b), lett. c) and lett. d);
iii. in the fulfillment of legal obligations, regulations or community legislation to which the Data Controller is required (Article 6 letter c GDPR), including the fulfillment of tax obligations, in the field of public security and in the matter of "secondary ticket" ;
iv. by virtue of the legitimate interest of the Data Controller or of third parties to whom the data are communicated (Article 6, letter d GDPR), consisting in the defense in court of a right or an interest before the competent authority or body, including the credit recovery activities; in the case of sending communications to the email address provided when purchasing the ticket in order to offer services similar to those already purchased by the interested party, subject to opposition to the processing (so-called soft spamming); for the organizational management of the event (communication relating to the cancellation or postponement of the date of the event, information for accessing or participating in the event, how to request a refund of the ticket in the event of cancellation of the event).
3. Provision of data
The provision of data for the purposes referred to in art. 2 is optional.
However, failure to provide the data will not allow the User to register on the Site, use the ticketing and newsletter service and in general to process requests, establish the contractual relationship and follow up on legal and contractual obligations.
With reference to the purpose referred to in art. 2 lett. d) (marketing purposes - newsletter), the provision of data is optional and the processing is based on consent, optional and revocable at any time. Failure to provide data for the purpose of sending newsletters does not exclude the possibility of registering on the Site and using the services provided by the Data Controller through the Site. Failure to provide data will make it impossible to receive news or advertising material relating to the products. and / or services offered by Verona Box Office and / or third parties.
It is understood that, in the event that consent is not given for the purposes referred to in art. 2 lett. d), the Data Controller may in any case use your data in order to fulfill the obligations established by law and the obligations deriving from the contractual relationships established between the parties and / or for the pursuit of a legitimate interest as specified in point iv) above. The consent given for the purposes referred to in art. 2 lett. d) can be revoked at any time.
It is understood that any subsequent revocation of consent does not affect the lawfulness of the data processing carried out in the period prior to the revocation.
4. Processing methods
The data are processed by means of electronic, including automated, telematic and paper tools, in order to guarantee the security and confidentiality of the data. Furthermore, the data is managed in environments whose access is under constant control and accessible only by authorized personnel.
5. Communication of data
The data may be disclosed to:
a) personnel authorized to process data (employees, internal collaborators, etc.);
b) to third parties duly appointed as external managers (eg consultants, persons in charge of the installation, maintenance, updating, management of the hardware and software of the Owner or of which the Company uses for the provision of the Services);
c) to subjects who can access the data by virtue of legal provisions, regulatory or administrative measures, or pursuant to community legislation, within the limits established by law;
d) third-party companies through which tickets are offered (event organizers whose tickets are sold through the Site), for the management and verification of admission tickets to the events;
e) third parties who work on behalf of the Data Controller (companies responsible for printing, shipping and delivering tickets purchased through the Site; couriers or shippers for the delivery of products).
6. Transfer and dissemination of data
The User's personal data will not be transferred either to member states of the European Union or to third countries outside the European Union.
Furthermore, the data will not be disseminated in any way, meaning by "dissemination" the disclosure of it to indeterminate subjects in any way, including by making the data available or consulting.
7. Retention time
The personal data provided by the User are kept for the period of time necessary for the provision of the requested service. Particularly:
a) in general, the data are kept for a period of 10 years from their collection; the data will be processed and stored for the entire duration of the contractual relationship and, subsequently, for the time required by law on the prescription of rights and / or forfeiture of the action, for the exercise of the rights of defense by the Owner
b) in the event of cancellation, exclusion or disabling due to non-use of your account on the Site, your data will be kept for administrative purposes for a period not exceeding one quarter, without prejudice to any specific legal obligations on the conservation of accounting documentation or for security purposes;
c) the data provided for the purposes referred to in art. 2 lett. d) (newsletter) will be kept for the period prescribed by the Supervisory Authority and therefore for a period of 24 months from registration or from the relative renewal of consent.
Notwithstanding the foregoing, it is understood that after the period indicated the data will no longer be processed for the specific purpose indicated.
8. Children under the age of 14
The Site does not contain information, features or services intended directly for users under the age of 14.
Art. 2 quinquies of Legislative Decree 101/2018 established that "in implementation of art. 8, par. 1, of the Regulations, the minor who has reached the age of 14 can express consent to the processing of their personal data in relation to the direct offer of information society services. With regard to these services, the processing of personal data of minors under the age of 14, based on art. 6, par. 1, lett. a), of the Regulations, is lawful on condition that it is provided by the person exercising parental responsibility ".
Therefore, minors under the age of 14 must not provide personal data in the absence of the consent of the exercisers of parental authority over them.
In the event that the Data Controller becomes aware of the fact that the data are provided by a person under the age of 14, the company will request the transmission of specific consent from the parents (or the parental responsibility operator), reserving the right to inhibit access to services of the Site to the person who concealed the minor age or communicated the data in the absence of parental consent.
9. Payments on the Site
Payment for reservations is made exclusively by credit card. The credit cards accepted to date are VISA, Mastercard and PAYPAL. After selecting the tickets of interest and completing the order phase, the User will enter the information relating to his / her credit card directly on the server of the Affiliated Credit Institution.
For each reservation, the cost of the entrance ticket is charged, including the presale, the rights of the reservation service and the shipping costs (if requested). The individual items are highlighted at the time of booking.
Due to the particular characteristics of the sector and the regulations in force in the field of show ticketing or events in general, any practice for which the Manager has received regular payment is understood to be implicitly and definitively accepted by the User.
The figures that appear on the booking system are immediately updated on ALL the costs that are incurred. There are no hidden charges after the last moment. ALL prices are indicated in Euros. Credit card payments are safe.
9.1 Transaction security
Boxofficelive, to ensure the security of the transmission of confidential data (such as credit card number), uses the best known and most established protocol for secure transactions on the Web: 128-bit Secure Socket Layer (SSL).
The use of this technology requires confidential information to travel on the Internet only in encrypted form, or coded according to a complex mathematical algorithm - developed by VeriSign - which guarantees its illegibility by malicious people. The use of a secure SSL server by the user is possible, in a completely transparent way, provided they have a compatible browser, that is, able to communicate in encrypted form with the secure server. The most recent versions of Internet Explorer and Netscape Navigator, that is the most popular ones, have no difficulty in correctly implementing this kind of service.
The sending and receiving of data in connection to a secure SSL server is generally signaled by the browser with specific warning messages, in addition:
- Internet Explorer displays the "closed padlock" image at the bottom right and makes information on the SSL certificate available (certification authority, release dates, expiration ...) using the "Certificates" item from the File> Properties menu.
- Netscape Navigator displays the "closed padlock" image at the bottom left.
Boxofficelive.it uses the secure SSL server for the transmission of credit card data. After selecting payment by credit card, you access a page that allows you to enter your data and then send them to the secure SSL server.
This page resides on the computers of the affiliated bank for payments: Boxofficelive.it does not store your credit card number in any way. It will only be used by the bank to authorize the debit by BoxOffice, a procedure which does not make the number visible even to the staff of Boxofficelive.it.
Boxofficelive.it for transactions has an agreement with Unicredit Banca S.p.A.
Cookies are text strings that the websites (so-called publisher or "first party") visited by the user or different sites or web servers (so-called third parties) place or store within a terminal device in the availability of user (so-called "active" identifiers).
11. Holder of the treatment
The data controller of personal data is VERONA BOX OFFICE SRL, with registered office in Verona, Via Pallone n. 16 (VAT number 02335340234).
12. Exercise of rights.
At any time you have the right to obtain cancellation (right to be forgotten), limitation, updating, rectification, portability, opposition to the processing of personal data concerning you, and in general exercise all the rights provided. by articles 15, 16, 17, 18, 19, 20, 21, 22 of the GDPR.
To exercise these rights you can send a written request in free form to VERONA BOX OFFICE SRL, with registered office in 37121 Verona, Via Pallone n. 16 or to the email address firstname.lastname@example.org
** ** **
Rights of the interested party
In relation to the treatments described in the Information, as an interested party you can exercise the following specific rights: (a) right of access (Article 15 of the GDPR): right to obtain confirmation as to whether or not personal data is being processed that concern and be informed on the purposes, methods of treatment and any appointed manager, as well as on the subjects or categories of subjects to whom the personal data may be communicated; (b) right of rectification (Article 16 of the GDPR): the right to obtain from the Data Controller the updating, rectification or integration of personal data; (c) right to cancellation (Article 17 of the GDPR): right to obtain cancellation, transformation into anonymous form or blocking of personal data; (d) right to limitation of processing (Article 18 of the GDPR): in the presence of certain conditions, the right to obtain the limitation of the processing of their personal data; (e) right to data portability (Article 20 GDPR): right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning you provided to the Data Controller and the right to obtain that the Your personal data are transmitted directly from the Data Controller to another Data Controller if this is technically feasible; (f) right to object (Article 21 of the GDPR): right to object to the processing of personal data concerning you, subject to the limits established by law; (g) right to withdraw consent - right to withdraw consent to the processing of your data at any time, without prejudice to the lawfulness of the processing based on consent before the withdrawal; (h) right to lodge a complaint with the supervisory authority.